============ { Ariko-Security - Advisory #2/5/2010 } =============
XSS, SQL injection vulnerability in I-Vision CMS
Vendor's Description of Software:
Dork:
Application Info:
Vulnerability Info:
Fix:
Time Table:
Input passed via the "type" parameter to inner.php is not properly
sanitised before being used in a SQL query.
Input passed to the "keys" parameter in search.php is not properly
sanitised before being returned to the user.
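
Added example (not part of the original advisory and not I-Vision CMS code): one way to handle the two parameters described above in PHP, binding "type" as a query parameter and HTML-encoding "keys" on output. The table, column and function names and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; NOT I-Vision CMS source. Table, column and function
// names are hypothetical, and all data below is constructed.

// In-memory SQLite database standing in for the CMS database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (type TEXT, title TEXT)');
$db->exec("INSERT INTO pages VALUES ('news', 'Spring release'), ('contact', 'Office hours')");

// Request parameters can arrive as arrays (e.g. type[]=x); accept strings only.
function stringParam(array $source, string $name): string
{
    $value = $source[$name] ?? '';
    return is_string($value) ? $value : '';
}

// inner.php pattern: "type" is bound as data and never concatenated into
// the SQL text, so quote characters in it cannot change the statement.
function pagesByType(PDO $db, string $type): array
{
    $stmt = $db->prepare('SELECT title FROM pages WHERE type = :type');
    $stmt->execute([':type' => $type]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// search.php pattern: "keys" is HTML-encoded at the point where it is
// written back into the page, so markup in it is displayed as text.
function renderSearchHeading(string $keys): string
{
    $safe = htmlspecialchars($keys, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>Results for: ' . $safe . '</h1>';
}

// Constructed request values containing SQL and HTML metacharacters.
$request = ['type' => "news' extra", 'keys' => '<b>"test"</b>'];

var_dump(pagesByType($db, stringParam($request, 'type')));
var_dump(pagesByType($db, 'news'));
echo renderSearchHeading(stringParam($request, 'keys')), PHP_EOL;
```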
Solution:
Vulnerability:
Credit:
#Advisory:
http://www.ariko-security.com/may2010/audyt_bezpieczenstwa_677.html
Ariko-Security
[email protected]
tel.: +48512946012 (Mo-Fr 10.00-20.00 CET)